[ZEPPELIN-4167] if runners permission is empty, every authenticated user can view the notebook - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 0.8.0
Fix Version/s: None
Component/s: security
Labels:
None

Description

Upgrading from 0.7 we realised that all notebooks are listed and can be opened and can be viewed by all authenticated user. We have found that runners permission was empty in the gui and was not there as a key in notebook-authorization.json. Because of this all notebooks become readable for all authenticated users.

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: András Hegedüs

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 23/May/19 13:56

Updated:: 22/Sep/20 15:01